Social engineering is the art of human deception. In the world of cybersecurity, it’s how to fool human beings in order to conduct cyber attacks. Some of these cyber attacks can be very expensive to your business! In fact, many of the worst cyber attacks to your organization’s network start with fooling you or one of your employees. Penetrating a network without human interaction is really tough.

Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks.

During a penetration test, it's not an uncommon practice for a penetration tester to launch a password attack against Active Directory. Many times this password attack uses a list of domain user accounts that were enumerated or even just a list of potential domain user accounts that were generated randomly. Many penetration testers will either perform just a single password attack or at least 2-3 attempts, depending on domain's password lockout policy is set to.

A whaling attack is a type of phishing attack that targets high-level executives, such as the CEO or CFO, to steal sensitive information from a company. This could include financial information or employees' personal information. The reason whaling attacks target high-ranking employees is because they hold power in companies and often have complete access to sensitive data.

Cybersecurity threats are evolving and the IT industry is on high alert. Modern cyber threats are more sophisticated and fast such as malware, phishing, cryptojacking, and IoT threats. The major cyber-attacks in 2019 witnessed that cybersecurity defenses were inefficient to prevent cyber threats altogether. The situation will even prevail in 2020. However, mitigation strategies can help to minimize the chances of data breaches.

Over the past couple of years, cyber-attacks have been increasing both in frequency and sophistication. 2019 also witnessed a surge in cyber-attacks and many companies were suffering a huge financial and reputational loss. According to CISCO, DNS hijacking and targeted malware were the serious cyber threats of 2019, along with various others. Cyber pests were using various tools to capture data and evade detection, from Remote Access Trojans (RATs) to hide threats in encrypted traffic.